get('/booking'); $response->assertRedirect('/login'); } public function testGuestIsRedirectedFromBookingDetail(): void { $response = $this->get('/booking/1'); $response->assertRedirect('/login'); } public function testNonAdminUserCannotAccessBookingIndex(): void { $user = User::factory()->create(['admin' => 0]); // Middleware 'admin' redirects non-admins to /home $response = $this->actingAs($user) ->withoutMiddleware(\App\Http\Middleware\MiddleGoogle2FA::class) ->get('/booking'); $response->assertRedirect('/home'); } public function testAdminUserCanAccessBookingIndexAfterAuthentication(): void { $user = User::factory()->admin()->create(); $response = $this->actingAs($user) ->withoutMiddleware([ \App\Http\Middleware\MiddleGoogle2FA::class, ]) ->get('/booking'); // Either 200 (page loads) or a redirect due to missing 2FA – in any // case the admin middleware itself must not block the request. $response->assertStatus(200); } }